@inproceedings(stpsa12, author = "David Hauzar and Jan {Kofro\v n}", year = "2012", title = "{On Security Analysis of PHP Web Applications}", booktitle = "STPSA 2012", publisher = "IEEE", pages = "577--582", doi = "10.1109/COMPSACW.2012.106", ) @misc(weverca, author = "David Hauzar and Jan {Kofro\v n}", year = "2014", title = "\textsc {Weverca}", howpublished = "\url {http://d3s.mff.cuni.cz/projects/formal_methods/weverca/}", ) @inproceedings(Jang:2009:PAJ:1529282.1529711, author = "Dongseok Jang and Kwang-Moo Choe", year = "2009", title = "Points-to analysis for JavaScript", series = "SAC '09", publisher = "ACM", address = "New York, NY, USA", pages = "1930--1937", doi = "10.1145/1529282.1529711", ) @inproceedings(Jovanovic2006, author = "N. Jovanovic and C. Kruegel and E. Kirda", year = "2006", title = "{Pixy: a static analysis tool for detecting Web application vulnerabilities}", booktitle = "S\&P'06", publisher = "IEEE", doi = "10.1109/SP.2006.29", ) @inproceedings(phantm, author = "Etienne Kneuss and Philippe Suter and Viktor Kuncak", year = "2010", title = "Runtime Instrumentation for Precise Flow-Sensitive Type Analysis", booktitle = "RV", pages = "300--314", doi = "10.1007/978-3-642-16612-9\_23", ) @inproceedings(Livshits:2013, author = "Benjamin Livshits and Stephen Chong", year = "2013", title = "Towards Fully Automatic Placement of Security Sanitizers and Declassifiers", series = "POPL '13", publisher = "ACM", address = "New York, NY, USA", pages = "385--398", doi = "10.1145/2429069.2429115", ) @book(Nielson:1999, author = "Flemming Nielson and Hanne R. Nielson and Chris Hankin", year = "1999", title = "Principles of Program Analysis", publisher = "Springer-Verlag New York, Inc.", address = "Secaucus, NJ, USA", doi = "10.1007/978-3-662-03811-6", ) @inproceedings(Schafer:2013, author = "Max Sch\"{a}fer and Manu Sridharan and Julian Dolby and Frank Tip", year = "2013", title = "Dynamic Determinacy Analysis", series = "PLDI '13", publisher = "ACM", address = "New York, NY, USA", pages = "165--174", doi = "10.1145/2499370.2462168", ) @inproceedings(Sridharan:2011, author = "Manu Sridharan", year = "2011", title = "F4F: Taint Analysis of Framework-based Web Applications", series = "OOPSLA '11", publisher = "ACM", address = "New York, NY, USA", pages = "1053--1068", doi = "10.1145/2048066.2048145", ) @inproceedings(Sridharan:2012, author = "Manu Sridharan", year = "2012", title = "Correlation Tracking for Points-to Analysis of Javascript", series = "ECOOP'12", publisher = "Springer-Verlag", address = "Berlin, Heidelberg", pages = "435--458", doi = "10.1007/978-3-642-31057-7\_20", ) @inproceedings(Tripp:2009:TET:1542476.1542486, author = "Omer Tripp", year = "2009", title = "TAJ: Effective Taint Analysis of Web Applications", series = "PLDI '09", publisher = "ACM", address = "New York, NY, USA", pages = "87--97", doi = "10.1145/1542476.1542486", ) @inproceedings(Tripp:2013, author = "Omer Tripp", year = "2013", title = "ANDROMEDA: Accurate and Scalable Security Analysis of Web Applications", series = "FASE'13", publisher = "Springer-Verlag", address = "Berlin, Heidelberg", pages = "210--225", doi = "10.1007/978-3-642-37057-1\_15", ) @inproceedings(Wei:2013, author = "Shiyi Wei and Barbara G. Ryder", year = "2013", title = "Practical Blended Taint Analysis for JavaScript", series = "ISSTA 2013", publisher = "ACM", address = "New York, NY, USA", pages = "336--346", doi = "10.1145/2483760.2483788", ) @article(Yu2010, author = "Fang Yu and Muath Alkhalaf and Tevfik Bultan", year = "2010", title = "{Stranger: An automata-based string analysis tool for PHP}", journal = "TACAS'10", doi = "10.1007/978-3-642-12002-2\_13", )